Vicarius Secures $30M Funding for AI-Driven Vulnerability Detection Solutions

If the recent influx of pitches in my inbox is any indication, “copilots” for cybersecurity are emerging as a significant trend in generative AI. Major tech players like Microsoft and Google are already in the game, alongside Vicarius, a platform specializing in vulnerability remediation. Vicarius has recently introduced vuln_GPT, a text-generating AI tool designed to help write scripts for system breach detection and remediation.

The attention from investors towards Vicarius may stem from its impressive 5x year-over-year growth, along with its ability to stay ahead of emerging trends. Co-founder and CEO Michael Assraf shared that the company has expanded its customer base to over 400 brands, including industry giants like PepsiCo, Hewlett Packard Enterprise, and Equinix.

Vicarius announced today that it has successfully closed a $30 million Series B funding round, led by Bright Pixel Capital, with contributions from AllegisCyber Capital, AlleyCorp, and Strait Capital. This funding round has set Vicarius’ valuation at twice that of its previous round, though Assraf did not disclose the specific figure. With this new capital, the total funds raised by Vicarius has reached approximately $56.7 million, primarily aimed at enhancing the product roadmap and expanding its team from 43 to a larger size.

“Vicarius automates much of the discovery, prioritization, and remediation workloads that security and IT teams face,” Assraf explained. “Our self-service model leads the charge in product-led growth, allowing customers to transparently test and discover value before making a purchase.”

Founded several years ago by Assraf, Yossi Ze’evi, and Roi Cohen, Vicarius was created in response to the repeated tactics of cyber attackers. As Assraf recounts, they observed that attackers frequently utilized the same foundational elements for their breaches.

“These foundational elements comprise third-party and operating system APIs provided by software libraries,” Assraf noted. “The overarching vision for Vicarius was to develop an intelligent permission manager for these system-level APIs.”

Currently, Vicarius focuses on analyzing applications for vulnerabilities, notifying customers when issues arise. If a patch is not available, the company employs what Assraf refers to as “in-memory protection,” theoretically safeguarding the application without necessitating a software upgrade—though I remain somewhat skeptical of this claim.

Additionally, Vicarius facilitates a community platform for security vulnerability researchers, enabling participants to share detection and remediation scripts and earn virtual currency in return. This community-driven dataset also feeds into the training of vuln_GPT. Notably, Assraf emphasizes that AI-generated scripts undergo validation before being delivered to customers, who can provide feedback through a dedicated module.

“We aim to position Vicarius at the forefront of AI-driven vulnerability remediation throughout its lifecycle,” Assraf stated. “This includes detection, prioritization, and proactive remediation.”

Vicarius has ambitious plans, intending to empower community security researchers to utilize their virtual currency for products, launch educational courses, and integrate the platform with existing service tools like ServiceNow and Jira. Additionally, the startup aims to penetrate new markets, particularly in the Asia Pacific, while continuing its expansion efforts in regions such as North America and Europe.

“For years, enterprises have struggled with implementing vulnerability management processes that overload security teams with too many tools and alerts,” Assraf remarked. “While most other security processes have made significant advances, the management of vulnerability remediation cycles has lagged, leaving businesses vulnerable to cyber threats. Consequently, customers are searching for a unified platform that streamlines, personalizes, and scales the vulnerability remediation process.”